Research data management at KTH should be done according to the
KTH guidelines on managing research data
. In the guidelines, the overall legal principles for research data management are outlined. But different legal frameworks apply for different types of research data so read more about details here.
Research data is regulated in several different parts of the Swedish law. Relevant legislation is listed on the Swedish version of this page.
It is common with many collaboration partners in a research project. An important consideration when it comes to data management in different collaboration agreements is that it should be clearly stated who the processor of data is, i.e. who is responsible for different stages of the data treatment. In a data management plan one can clarify who is responsible for processing and storage of data.
It is becoming more common that funding agencies require a data management plan and also that data should be publicly available (Open data). As a public state university, KTH abides under the principle of public access to official records. This means that most research data is a public act. Exception is made for data that is within the scope of secrecy according to the Public Access to Information and Secrecy Act and data that contains sensitive personal data. In a collaboration agreement it should be clarified when reason for secrecy exists for data collected, measured or created within a research project.
It should also be clear in the agreements who will be the owner of any Intellectual Property (IP) that may arise in the research project and whether a permit to use data protected by Copyright is needed. Depending on what type of data that is generated, other agreements or assessments may also be necessary, such as data processing agreements according to GDPR.
The person responsible for processing data should also consider whether the research requires approval according to the Ethical Review Act before the project starts.
If you need more information on a certain legal aspect, you can find it below.
KTH is a government authority which means that most research data should be treated as public documents according to The Public Access to Information and Secrecy Act (Offentlighets- och sekretesslagen). In short, this means that if there are no specific reasons for secrecy, research data should be made publicly available. Secrecy may be regulated in funding agency agreements or in collaboration agreements. Acceptable reasons for secrecy in research are described in section 3.4.4 in the
KTH policy for public access to information
What is personal information?
All information that directly or indirectly relates to a living person.
Sensitive personal information is information regarding a person’s:
Religious or philosophical convictions
Membership in a Union
Sexual life or sexual orientation
Biometric data that specifically identifies a unique person
Personal data can only be processed when there are lawful reasons to do so. To process personal data you must have lawful reasons to do so. Scientific research conducted at a Swedish institution for higher education can often be considered to be done in the publish interest, since those institution has a legal obligation to do research. In some cases consent can also be used, but because of the power imbalance between the research principal (the university) and the research subject, consent cannot be generally applied as a lawful reason to process personal data.
To protect personal integrity while making datasets publicly available, it is sometimes enough to pseudonymize data. However, sensitive personal information should not be published and also requires higher security in the data management process. A special impact assessment is required when sensitive personal data is involved. This is also needed in certain other cases, such as when automated decision systems based on personal data are developed or filming in public places takes place. If this applies to your research project, contact the KTH Data protection officer.
If data that includes personal information is stored outside KTH servers it is important to have a data processing agreement (DPA) with the organization(s) that store or process the data.
If a research project includes research on living/deceased human subjects or includes sensitive personal information the Ethical Review Act states that your project must be approved by the Swedish Ethical Review Authority before starting. The Swedish Ethical Review Authority currently has very little information in English on their website, but they do offer translations for some forms.
If biological material from human subjects is collected, the samples must be treated according to the Biobanks in Medical Care Act and reported to the
Swedish Bio Bank registry
There is no copyright for factual data/observations but copyright apply on data such as images, software code and other creative works. This means that usage of such data may require consent form the Copyright holder also for research purposes who also has the right to be contributed. The principle of public access to official records holds also for Copyright protected material and may be ordered to be made publicly available. However, the person who order the material to be publicly available cannot use the material without consent from the Copyright holder.
If you are the creator and copyright holder you can decide to share your work under an open license where you give consent for usage of your Copyright protected material. There are different types of open licenses such as Creative Commons licenses often used for texts, images and music, or other licenses used for source code or databases. You can contact KTH Library for advice on choosing a suitable license.
If considerable investments have been made to collect a large compilation of data, i.e. create a database, there may be a certain protection for the database (see 49§ Upphovsrättslagen and the EU Directive on the legal protection of databases).
It should be clearly stated in a research project agreement who owns IP that may arise in the project. The main point of view is that KTH should be responsible for research data that is produced by KTH researchers and that this data should be made available for academic use.
Patentable inventions etc. that arise as part of research or educational activities are owned by the individual researcher/teacher – “The professor’s privilege”. Data that could be a basis for patentable inventions may in agreements be protected for a limited time by secrecy.
The Archival Act regulates among other things how and what a public authority such as KTH should archive for the future world. The archive of a public authority consists of the public documents arising from the activities of the public authority. Some documentation from the research process is required to be preserved.